1996-05-24 - Re: The Twilight of the Remailers?

Header Data

From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
To: mpd@netcom.com (Mike Duvos)
Message Hash: eb28b58f47fd50a374b781e326305a3b0041a4fca28fb5571914578d8d9f093c
Message ID: <9605231751.AA00362@ch1d157nwk>
Reply To: <199605222008.NAA02211@netcom16.netcom.com>
UTC Datetime: 1996-05-24 00:05:02 UTC
Raw Date: Fri, 24 May 1996 08:05:02 +0800

Raw message

From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Fri, 24 May 1996 08:05:02 +0800
To: mpd@netcom.com (Mike Duvos)
Subject: Re: The Twilight of the Remailers?
In-Reply-To: <199605222008.NAA02211@netcom16.netcom.com>
Message-ID: <9605231751.AA00362@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


Mike Duvos <mpd@netcom.com> wrote:
>   Andrew Loewenstern <lowensa@il.us.swissbank.com> wrote:
>   > While this is a nice thought, it is incorrect.  You can't
>   > "covertly inject packets into the Net, in some untraceable
>   > manner."
>
>  You can temporarily modify router tables, spoof IPs and idents,
>  and leave few traces behind once the data has been transferred,
>  particularly if the origin is some obscure foreign location.

Sure, doing this will make your packets untraceable, but for how long?   
Changing router tables and spoofing IPs is going to attract unwanted  
attention fast.  I don't think such active IP attacks are appropriate for a  
remailer running unattended.

Perhaps you mean that individual users should do these kinds of things  
instead of using remailers?  For untraceability, I would put my money on  
chained MixMasters over IP spoofing.  Besides, with IPv6 you won't be able to  
do these things anymore, but remailers will still work.

>  The idea here was to have a large number of nodes, each capable
>  of injecting data into the Net in a manner which cannot be
>  easily traced back to an individual.  These nodes would talk
>  to each other using a mechanism which obscured both eavesdropping
>  and traffic analysis of their communications, a DC-Net being
>  one possible way of doing this.

It's a good idea but it doesn't work in the real life.  You can't put a  
message in a public place (like UseNet) or send one to an unwitting e-mail  
recipient (such as a mailing list) in an untraceable manner, repeatedly over  
time.  The last remailer is going to traceable.  A DC-Net is great, but it  
isn't going to be useful to very many people if the only people you can send  
messages to are the other DC-Net participants.  Yes, this has applications,  
but it is not a replacement for the remailers we have now and are starting to  
loose at an alarming rate.

>   > Since it looks like the "everyone's a remailer" dream is
>   > not becoming a reality, the key to successful remailers is
>   > to make the *operators* untraceable as well.  If you can't
>   > trace the operator, you can't hold them liable.  We have
>   > discussed techniques for doing this before: cash paid
>   > accounts, using dialups (possibly from a public phone).
>   > The remailer must be a 'sacrificial cow' that can be > snatched
>   > up by 'authorities' at any time.

>  You could get the same effect with an instant anonymous account
>  that could be purchased with Ecash.  You would buy it on the
>  spot, send your mail, and forget about it.  For all practical
>  purposes, it would serve the same function as a remailer, and
>  steps could be taken to obscure the identity of whoever had
>  telnetted to it.

But not every piece of mail sent through a remailer is 'hot' enough to get  
it shut down.  The vast majority of traffic is harmless.   Also, taking steps  
to obscure the identity of whoever had telnetted to it is hard, way too hard  
for the average user who wants to send remail securely.  If the remailer op  
does it once to setup a remailer, then potentially a very large number of  
people can use the remailer until it gets busted.  In the mean time the  
remailer op collects postage to compensate him for his effort.

Also you later say that "I don't think most people are going to pay to  
remail."  Well if people aren't going to pay to remail, why would they pay to  
open a disposable ecash account to send a piece of untraceable mail?  How  
much will the cheapest account be?  Probably less than what a remailer, which  
can handle hundreds of messages a day, running on the exact same account  
would charge.

Then you say "Or, to put it another way, the types of traffic people will  
pay to remail are those no remailer operator will want to touch with a barge
pole."  Well duh.  My message you are refuting (and suggesting that the  
alternative is IP spoofing) is entirely centered around the idea that the  
remailer operator remain untraceable is because the traffic could potentially  
be too 'hot' for the remail-op to manage.  I guess you mean that the all the  
harmless traffic will disappear once you have to pay to play.  Well, if the  
only remailers around are for-pay ones with untraceable operators because all  
the public ones got busted, people will pay.  If people didn't want a high  
assurance of untraceability, people would just use Penet.

I don't think remail postage is going to have to be expensive.  It doesn't  
take long to pay for a $15 a month telnet-only account.  If you charged only  
a dime each, it would only take 150 messages to pay for it.  Over a month  
thats about 5 messages a day.  Sounds reasonable to me.  A 3 remailer chain  
would cost $0.30, less than snail mail...

>  Another possible approach is the "remailing packets" one.
>  You could set up a packet remailer which could be used as a
>  universal proxy server in some untouchable foreign location.
>  If we had a "packet remailer in a box", these things could
>  pop up all over the place, live a short time, and be nuked.
>  Since the communication would be real-time, concerns over
>  reliability and delivery would not exist in the same way they
>  do for the current system of remailers.

Which untouchable foreign locations do you refer to?  For all the talk of  
these glorious havens we don't have any remailers setup in them.  The  
Netherlands isn't one of them.  Neither is Germany or France for sure.  You  
can't have these "pop up all over the place" if it has to pop up in an  
untouchable foreign location that doesn't exist.  If you think people get the  
heebie jeebies about running a remailer that could possibly be used to carry  
threats or illegal pictures, just wait to you see their reaction when you  
tell them that people could use their packet remailer to hack other sites.   
While remailer traffic has a chance of getting constitutional protection (in  
this country obviously), there is no doubt that hacking machines is not  
protected.

Buying an anonymous telnet-only account with cash, then using a CyberCafe or  
some other public Net terminal to setup the remailer sounds like a much more  
viable solution for a potential remail-op than flying to Micronesia.  Or  
waiting patiently for people in these untouchable foreign locations to setup  
remailers.

Also, I think it's time to stop expecting people to rush out and setup these  
things if they were easier to setup.  People simply don't get enough benefit  
for the risk of running a remailer.  A web server is harder to setup than  
Mixmaster but there are a lot more web sites.  If remailer ops are going to  
be liable for content, then few people are going to want to do it, regardless  
of the difficulties involved of setting up the software.

Also, people want an/pseud-onymity.  Look at how many accounts the penet  
service has.  As people realize that such services offer little assurance of  
untraceability, they will turn more and more to cypherpunk remailers.  If the  
only way a remailer can stay up is if it charges then the market will decide  
if it is worth it.  I think the market is there.


andrew





Thread